CN112465505A - Transaction risk monitoring method based on transaction chain assembly - Google Patents
Transaction risk monitoring method based on transaction chain assembly Download PDFInfo
- Publication number
- CN112465505A CN112465505A CN202011491203.7A CN202011491203A CN112465505A CN 112465505 A CN112465505 A CN 112465505A CN 202011491203 A CN202011491203 A CN 202011491203A CN 112465505 A CN112465505 A CN 112465505A
- Authority
- CN
- China
- Prior art keywords
- transaction
- path
- chain
- new
- transaction chain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 238000012544 monitoring process Methods 0.000 title claims abstract description 33
- 230000002159 abnormal effect Effects 0.000 claims description 18
- 238000010586 diagram Methods 0.000 claims description 10
- 238000012795 verification Methods 0.000 claims description 10
- 230000005856 abnormality Effects 0.000 claims 1
- 230000000694 effects Effects 0.000 abstract description 3
- 239000000523 sample Substances 0.000 description 5
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 238000012216 screening Methods 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/389—Keeping log of transactions for guaranteeing non-repudiation of a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4016—Transaction verification involving fraud or risk level assessment in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Abstract
The invention provides a transaction risk monitoring method based on transaction chain assembly, which comprises the following steps: a transaction risk monitoring method based on transaction chain assembly is characterized by comprising the following steps: s1, the same transaction exists in the form of atomic transaction among systems, the atomic transaction recorded by the uninterrupted transaction is used and assembled to generate a transaction chain, and the generated transaction chain is stored in a path library; s2, when a new transaction is generated, the new transaction record is disassembled into atomic transactions and reassembled to generate a new transaction chain, and whether the new transaction chain is interrupted or not is judged; s3, matching the new transaction chain with the transaction path in the path library according to the interruption condition of the new transaction chain, and executing S4 after matching is completed; and S4, judging whether the time interval abnormity exists in the new transaction chain without interruption. The invention can optimize the monitoring effect of the transaction monitoring system by continuously optimizing the path library.
Description
Technical Field
The invention relates to the field of banking transaction monitoring, in particular to a transaction risk monitoring method based on transaction chain assembly.
Background
With the increasing competition of the financial industry, the control requirements of banks for internal and external risks are increasing day by day. However, data processing and application systems inside banks are complex, the same transaction needs to be circulated among different systems, different transaction circulation systems and circulation sequences also have differences, and in order to associate the same transaction, the current common practice is to install probes in different systems respectively. However, the system inside the bank is often developed by multiple companies, and the system needs to be modified to install the probes, which consumes a lot of manpower, money and time.
Disclosure of Invention
The invention aims to provide a transaction risk monitoring method based on transaction chain assembly, and aims to solve the problem that in the prior art, when transaction association is realized by installing probes, a system needs to be modified, so that a large amount of labor, money and time are consumed.
The invention provides a transaction risk monitoring method based on transaction chain assembly, which comprises the following steps:
s1, the same transaction exists in the form of atomic transaction among systems, the atomic transaction recorded by the uninterrupted transaction is used and assembled to generate a transaction chain, and the generated transaction chain is stored in a path library;
s2, when a new transaction is generated, the new transaction record is disassembled into atomic transactions and reassembled to generate a new transaction chain, and whether the new transaction chain is interrupted or not is judged;
s3, matching the new transaction chain with the transaction path in the path library according to the interruption condition of the new transaction chain, and executing S4 after matching is completed;
and S4, judging whether the time interval abnormity exists in the new transaction chain without interruption.
Further, the method for generating the transaction chain in step S1 is as follows:
s11, acquiring the atomic transaction of the transaction record without interruption;
s12, associating all atomic transactions with key fields of basic information of customers;
s13, after all atomic transactions are associated, arranging the atomic transactions in the occurrence time sequence so as to generate a transaction chain corresponding to the transaction record;
and S14, repeating the steps S11-S13, and generating corresponding transaction chains for all the transaction records which are not interrupted.
Further, in step S1, the method for storing the generated transaction chain in the path library is as follows:
s15, counting all the transaction chains generated in the step S14, and combining the same transaction chains;
s16, calculating the independent support degree of each merged transaction chain; the support degree is the occurrence frequency of the transaction chain and represents the possibility degree of the transaction chain becoming a normal transaction path, and the higher the value of the support degree is, the higher the possibility is;
s17, setting a minimum threshold value of the support degree of the transaction chain according to the service requirement; the minimum threshold of the support degree can be set according to the practical application condition;
s18, performing manual verification on the transaction chain with the calculated support degree larger than the minimum threshold of the support degree:
(1) marking the calculated support degree which is greater than the minimum threshold of the support degree as a transaction chain of a transaction path through manual verification, marking the transaction chain as a normal transaction path and storing the transaction chain in a path library;
(2) marking the calculated supporting degree which is greater than the supporting degree minimum threshold value as a transaction chain of an abnormal path through manual verification, marking the transaction chain as the abnormal transaction path and storing the transaction chain in a path library;
(3) and marking the transaction chain with the calculated support degree smaller than the support degree minimum threshold as a potential transaction path and storing the potential transaction path in a path library.
Further, the method for generating the new transaction chain in step S2 is as follows:
s21, when a new transaction is generated, the ESB and the comprehensive operation platform push the real-time atomic transaction data of the new transaction to the unified log platform, the log platform converts the received real-time atomic transaction data into a JSON format required by the acquisition system, and the real-time atomic transaction data in the JSON format is sent to Topic of Kafka;
s22, the acquisition system subscribes to the Topic of Kafka, so that the real-time atomic transaction data in the JSON format is received, the real-time atomic transaction data is used for matching key fields of the basic information of the client from the data warehouse, and then all the real-time atomic transaction data are associated with the matched key fields of the basic information of the client;
and S23, after all real-time atomic transaction data are associated, arranging the real-time atomic transaction data in the occurrence time sequence, so as to generate a new transaction chain corresponding to the new transaction record.
Further, in step S2, the method for determining whether the new transaction chain is interrupted includes obtaining message information of the atomic transaction of the new transaction chain, and determining whether there is interruption error reporting information in the message information: if the interruption error-reporting information exists, the abnormal type of the new transaction chain is marked as path interruption; if no interruption is reported in error, the abnormal type of the new transaction chain is set to be null, which indicates that no path interruption occurs.
Further, in step S3, the method for matching the new transaction chain with the transaction path in the path library according to the interruption condition of the new transaction chain is as follows:
s31, for the interrupted new transaction chain, matching the interrupted new transaction chain with the transaction path in the path library, analyzing the system position of the interrupted point by comparing the transaction path with the highest correlation degree in the path library, and adding 1 to the transaction path support degree;
s32, for the new transaction chain without interruption, matching the new transaction chain without interruption with the transaction path in the path library, and if the matched transaction path is found in the path library, adding 1 to the transaction path support degree; and if the matched transaction path is not found in the path library, adding the transaction path of the new transaction chain into the path library and marking as a potential transaction path, and adding 1 to the support degree of the potential transaction path.
Further, the method for matching the interrupted new transaction chain with the transaction path in the path library in step S31 is to select a transaction chain having the same operation code as the operation code in the message information of the interrupted new transaction chain atomic transaction by searching for a transaction path in the path library that is consistent with the known node of the interrupted new transaction chain, and if there are multiple transaction chains, select the transaction path having the minimum number of nodes that need to pass after the interrupted node as the transaction path having the highest correlation.
Further, the method for determining whether there is an abnormal time interval in the new transaction chain without interruption in step S4 is as follows:
s41, forming a time normal distribution graph by using the transaction time of the transaction chain which is not interrupted and corresponds to each transaction path in the path library;
s42, setting upper and lower thresholds of normal time distribution according to the time normal distribution diagram, and marking the new transaction chain error type with the inter-system transaction time exceeding the upper and lower thresholds as time interval abnormity; otherwise, the error type flag is empty, indicating that the time interval is normal.
Further, as for the system position where the interruption point analyzed in step S31 is located, an analysis report can be obtained by counting the occurrence times or frequencies, and the analysis report is displayed at the front end in the form of a subway map and/or a table, so as to prompt a manager about the system position where the interruption point is likely to occur and the related hardware facilities thereof; and the new transaction records marked as time interval anomalies in the step 4 are also analyzed by statistics and displayed in the front end in the form of subway maps and/or tables.
Further, the transaction record used in step S1 is a transaction record for at least 3 months without interruption.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
the invention monitors the transaction record through path matching, interruption monitoring and time interval abnormity monitoring, and introduces the transaction path obtained in the process into the path library, so as to monitor the abnormal path while acquiring the normal transaction path, thereby improving the accuracy of each monitoring step and optimizing the monitoring effect of the transaction monitoring system. Compared with a mode of realizing transaction association by installing a probe, the system does not need to be modified, so that manpower, money and time are saved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flow chart of a transaction risk monitoring method based on transaction chain assembly according to an embodiment of the present invention.
FIG. 2 is a block flow diagram of a process for generating a transaction chain using atomic transaction assembly of transaction records without interruption, according to an embodiment of the invention.
Fig. 3 is a block diagram of a process of storing the generated transaction chain as a transaction path in a path library according to an embodiment of the present invention.
Fig. 4 is a block diagram of a process for assembling atomic transactions of a new transaction into a new transaction chain according to an embodiment of the present invention.
Fig. 5 is a block diagram of a process of determining whether a new transaction chain is interrupted according to an embodiment of the present invention.
Fig. 6 is a block flow diagram of matching the new transaction chain to be interrupted with the transaction path in the path library according to the embodiment of the present invention.
Fig. 7 is a block flow diagram of matching a new transaction chain without interruption with a transaction path in the path library according to an embodiment of the present invention.
Fig. 8 is a block diagram illustrating a process of monitoring a new transaction chain without interruption for time interval anomalies according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Examples
As shown in fig. 1, the present embodiment provides a transaction risk monitoring method based on transaction chain assembly, which includes the following steps:
s1, the same transaction exists in the form of atomic transaction among systems, the atomic transaction recorded by the uninterrupted transaction is used and assembled to generate a transaction chain, and the generated transaction chain is stored in a path library;
as shown in fig. 2, the method for generating the transaction chain in step S1 includes:
s11, acquiring the atomic transaction of the transaction record without interruption; it is generally recommended to use uninterrupted transaction records for at least 3 months as cold start data to obtain sufficient data volume;
s12, all atomic transactions are related by key fields (such as transaction serial number and customer number fields) of the basic information of the customers;
s13, after all atomic transactions are associated, arranging the atomic transactions in the occurrence time sequence so as to generate a transaction chain corresponding to the transaction record;
and S14, repeating the steps S11-S13, and generating corresponding transaction chains for all the transaction records which are not interrupted.
As shown in fig. 3, the method for storing the generated transaction chain in the path library in step S1 is as follows:
s15, counting all the transaction chains generated in the step S14, and combining the same transaction chains;
s16, calculating the independent support degree of each merged transaction chain; the support degree is the occurrence frequency of the transaction chain and represents the possibility degree of the transaction chain becoming a normal transaction path, and the higher the value of the support degree is, the higher the possibility is;
s17, setting a minimum threshold value of the support degree of the transaction chain according to the service requirement; the minimum threshold of the support degree can be set according to the practical application condition;
s18, performing manual verification on the transaction chain with the calculated support degree larger than the minimum threshold of the support degree:
(1) marking the calculated support degree which is greater than the minimum threshold of the support degree as a transaction chain of a transaction path through manual verification, marking the transaction chain as a normal transaction path and storing the transaction chain in a path library;
(2) marking the calculated supporting degree which is greater than the supporting degree minimum threshold value as a transaction chain of an abnormal path through manual verification, marking the transaction chain as the abnormal transaction path and storing the transaction chain in a path library;
(3) and marking the transaction chain with the calculated support degree smaller than the support degree minimum threshold as a potential transaction path and storing the potential transaction path in a path library.
That is, for the transaction chain whose calculated support degree is greater than the minimum threshold value of the support degree, it is not determined that the transaction chain is normal or abnormal, and the transaction chain may be handed over to some persons with qualification judgment for selection, so as to improve the reliability of the system. And if the calculated supporting degree is smaller than the supporting degree minimum threshold value, the transaction chain does not reach the standard of a normal transaction path, and verification is not needed.
S2, when a new transaction is generated, the new transaction record is disassembled into atomic transactions and reassembled to generate a new transaction chain, and whether the new transaction chain is interrupted or not is judged;
as shown in fig. 4, the method for generating the new transaction chain in step S2 includes:
s21, when a new transaction is generated, the ESB and the comprehensive operation platform push the real-time atomic transaction data of the new transaction to the unified log platform, the log platform converts the received real-time atomic transaction data into a JSON format required by the acquisition system, and the real-time atomic transaction data in the JSON format is sent to Topic of Kafka; kafka is a high-throughput distributed publish-subscribe messaging system, and Topic, i.e., publish-subscribe mode, of Kafka is a general data receiving mode.
S22, the acquisition system subscribes to the Topic of Kafka, so that the real-time atomic transaction data in the JSON format is received, the real-time atomic transaction data is used for matching key fields of the basic information of the client from the data warehouse, and then all the real-time atomic transaction data are associated with the matched key fields of the basic information of the client; the data warehouse is mainly used for storing a large amount of internal data of a bank, and comprises key fields in customer basic information used for assembling business transactions, such as customer numbers, card numbers, account numbers, mobile phone numbers, certificate numbers, transaction serial numbers and the like, the key field information of the customer basic information in the data warehouse is integrated into a user table, and then the user table is matched through the key fields of the customer basic information in the collected real-time atomic transaction data to obtain the corresponding key fields in the customer basic information, such as the transaction serial numbers and the customer numbers;
and S23, after all real-time atomic transaction data are associated, arranging the real-time atomic transaction data in the occurrence time sequence, so as to generate a new transaction chain corresponding to the new transaction record.
As shown in fig. 5, the method for determining whether the new transaction chain is interrupted in step S2 is to obtain message information of the atomic transaction of the new transaction chain, and determine whether there is interruption error reporting information in the message information: if the interruption error-reporting information exists, the abnormal type of the new transaction chain is marked as path interruption; if no interruption is reported in error, the abnormal type of the new transaction chain is set to be null, which indicates that no path interruption occurs.
S3, matching the new transaction chain with the transaction path in the path library according to the interruption condition of the new transaction chain, and executing S4 after matching is completed;
the method for matching the new transaction chain with the transaction path in the path library according to the interruption condition of the new transaction chain in step S3 includes:
s31, as shown in fig. 6, for the interrupted new transaction chain, matching the interrupted new transaction chain with the transaction path in the path library, and analyzing the system location where the interruption point is located by comparing the transaction path with the highest correlation degree in the path library, and adding 1 to the transaction path support degree. Further, for the analyzed system position where the interruption point is located, an analysis report can be obtained by counting the occurrence times or frequencies, and the analysis report is displayed at the front end in the form of a subway map and/or a table to prompt a manager of the system position where the interruption point is easy to occur and related hardware facilities thereof. The analysis report is also displayed at the front end in the form of subway maps and/or tables, so that related management personnel can be visually monitored for transaction chain interruption, and maintenance and management are facilitated. The method for matching the interrupted new transaction chain with the transaction paths in the path library comprises the steps of searching the transaction paths in the path library, which are consistent with the known nodes of the interrupted new transaction chain, screening the transaction chains which are identical with the operation codes in the message information of the atomic transaction of the interrupted new transaction chain, and selecting the transaction path with the minimum number of nodes required to pass after the interrupted nodes as the transaction path with the highest correlation degree if a plurality of transaction chains exist;
s32, as shown in fig. 7, for the new transaction chain without interruption, matching the new transaction chain without interruption with the transaction path in the path library, and if a matching transaction path is found in the path library, adding 1 to the transaction path support degree; and if the matched transaction path is not found in the path library, adding the transaction path of the new transaction chain into the path library and marking as a potential transaction path, and adding 1 to the support degree of the potential transaction path.
And S4, judging whether the time interval abnormity exists in the new transaction chain without interruption.
As shown in fig. 8, the method for determining whether there is an interval anomaly in the new transaction chain without interruption in step S4 includes:
s41, forming a time normal distribution graph by using the transaction time of the transaction chain which is not interrupted and corresponds to each transaction path in the path library;
s42, setting upper and lower thresholds of normal time distribution according to the time normal distribution diagram, and marking the new transaction chain error type with the inter-system transaction time exceeding the upper and lower thresholds as time interval abnormity; otherwise, the error type flag is empty, indicating that the time interval is normal. Furthermore, for the new transaction records marked as abnormal time intervals, statistical analysis is carried out, and the new transaction records are displayed at the front end in the form of subway maps and/or tables, so that related management personnel can be given to intuitively monitor abnormal conditions of the time intervals of the transaction chain, and maintenance and management are facilitated.
According to the process, the transaction records are monitored through path matching, interruption monitoring and time interval abnormity monitoring, the transaction paths obtained in the process are led into the path library, the abnormal paths are monitored while the normal transaction paths are obtained, the accuracy of each monitoring step is improved, and therefore the monitoring effect of the transaction monitoring system can be optimized. Compared with a mode of realizing transaction association by installing a probe, the system does not need to be modified, so that manpower, money and time are saved.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (10)
1. A transaction risk monitoring method based on transaction chain assembly is characterized by comprising the following steps:
s1, the same transaction exists in the form of atomic transaction among systems, the atomic transaction recorded by the uninterrupted transaction is used and assembled to generate a transaction chain, and the generated transaction chain is stored in a path library;
s2, when a new transaction is generated, the new transaction record is disassembled into atomic transactions and reassembled to generate a new transaction chain, and whether the new transaction chain is interrupted or not is judged;
s3, matching the new transaction chain with the transaction path in the path library according to the interruption condition of the new transaction chain, and executing S4 after matching is completed;
and S4, judging whether the time interval abnormity exists in the new transaction chain without interruption.
2. The transaction risk monitoring method based on transaction chain assembly of claim 1, wherein the method for generating transaction chain in step S1 is:
s11, acquiring the atomic transaction of the transaction record without interruption;
s12, associating all atomic transactions with key fields of basic information of customers;
s13, after all atomic transactions are associated, arranging the atomic transactions in the occurrence time sequence so as to generate a transaction chain corresponding to the transaction record;
and S14, repeating the steps S11-S13, and generating corresponding transaction chains for all the transaction records which are not interrupted.
3. The transaction risk monitoring method based on transaction chain assembly of claim 2, wherein the method for storing the generated transaction chain in the path library in step S1 is as follows:
s15, counting all the transaction chains generated in the step S14, and combining the same transaction chains;
s16, calculating the independent support degree of each merged transaction chain; the support degree is the occurrence frequency of the transaction chain and represents the possibility degree of the transaction chain becoming a normal transaction path, and the higher the value of the support degree is, the higher the possibility is;
s17, setting a minimum threshold value of the support degree of the transaction chain according to the service requirement;
s18, performing manual verification on the transaction chain with the calculated support degree larger than the minimum threshold of the support degree:
(1) marking the calculated support degree which is greater than the minimum threshold of the support degree as a transaction chain of a transaction path through manual verification, marking the transaction chain as a normal transaction path and storing the transaction chain in a path library;
(2) marking the calculated supporting degree which is greater than the supporting degree minimum threshold value as a transaction chain of an abnormal path through manual verification, marking the transaction chain as the abnormal transaction path and storing the transaction chain in a path library;
(3) and marking the transaction chain with the calculated support degree smaller than the support degree minimum threshold as a potential transaction path and storing the potential transaction path in a path library.
4. The transaction risk monitoring method based on transaction chain assembly of claim 3, wherein the method for generating the new transaction chain in step S2 is:
s21, when a new transaction is generated, the ESB and the comprehensive operation platform push the real-time atomic transaction data of the new transaction to the unified log platform, the log platform converts the received real-time atomic transaction data into a JSON format required by the acquisition system, and the real-time atomic transaction data in the JSON format is sent to Topic of Kafka;
s22, the acquisition system subscribes to the Topic of Kafka, so that the real-time atomic transaction data in the JSON format is received, the real-time atomic transaction data is used for matching key fields of the basic information of the client from the data warehouse, and then all the real-time atomic transaction data are associated with the matched key fields of the basic information of the client;
and S23, after all real-time atomic transaction data are associated, arranging the real-time atomic transaction data in the occurrence time sequence, so as to generate a new transaction chain corresponding to the new transaction record.
5. The method for monitoring transaction risk based on transaction chain assembly according to claim 4, wherein the method for determining whether the new transaction chain is interrupted in step S2 is to obtain message information of atomic transaction of the new transaction chain, determine whether there is interruption error reporting information in the message information: if the interruption error-reporting information exists, the abnormal type of the new transaction chain is marked as path interruption; if no interruption is reported in error, the abnormal type of the new transaction chain is set to be null, which indicates that no path interruption occurs.
6. The method for risk monitoring of transaction based on transaction chain assembly of claim 5, wherein the method for matching the new transaction chain with the transaction path in the path library according to the interruption condition of the new transaction chain in step S3 is as follows:
s31, for the interrupted new transaction chain, matching the interrupted new transaction chain with the transaction path in the path library, analyzing the system position of the interrupted point by comparing the transaction path with the highest correlation degree in the path library, and adding 1 to the transaction path support degree;
s32, for the new transaction chain without interruption, matching the new transaction chain without interruption with the transaction path in the path library, and if the matched transaction path is found in the path library, adding 1 to the transaction path support degree; and if the matched transaction path is not found in the path library, adding the transaction path of the new transaction chain into the path library and marking as a potential transaction path, and adding 1 to the support degree of the potential transaction path.
7. The transaction risk monitoring method according to claim 6, wherein the method of matching the new interrupted transaction chain with the transaction paths in the path library in step S31 is to select the transaction chain with the same operation code as the operation code in the message information of the atomic transaction of the new interrupted transaction chain by searching the transaction path in the path library that is consistent with the known node of the new interrupted transaction chain, and if there are multiple transaction chains, select the transaction path with the minimum number of nodes that need to pass after the interrupted node as the transaction path with the highest correlation.
8. The method for risk monitoring of transaction based on transaction chain assembly of claim 7, wherein the step S4 for determining whether there is any time interval abnormality in the new transaction chain without interruption is as follows:
s41, forming a time normal distribution graph by using the transaction time of the transaction chain which is not interrupted and corresponds to each transaction path in the path library;
s42, setting upper and lower thresholds of normal time distribution according to the time normal distribution diagram, and marking the new transaction chain error type with the inter-system transaction time exceeding the upper and lower thresholds as time interval abnormity; otherwise, the error type flag is empty, indicating that the time interval is normal.
9. The transaction risk monitoring method based on transaction chain assembly as claimed in claim 8, wherein for the system location where the break point analyzed in step S31 is located, an analysis report can be obtained by counting the occurrence times or frequency, and is displayed in front end in the form of subway map and/or table to prompt the manager of the system location where the break point is easy to occur and its related hardware facilities; and the new transaction records marked as time interval anomalies in the step 4 are also analyzed by statistics and displayed in the front end in the form of subway maps and/or tables.
10. The transaction risk monitoring method based on transaction chain assembly according to any of claims 1-9, wherein the transaction record used in step S1 is an uninterrupted transaction record for at least 3 months.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011491203.7A CN112465505B (en) | 2020-12-17 | 2020-12-17 | Transaction risk monitoring method based on transaction chain assembly |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011491203.7A CN112465505B (en) | 2020-12-17 | 2020-12-17 | Transaction risk monitoring method based on transaction chain assembly |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112465505A true CN112465505A (en) | 2021-03-09 |
| CN112465505B CN112465505B (en) | 2024-03-22 |
Family
ID=74803104
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011491203.7A Active CN112465505B (en) | 2020-12-17 | 2020-12-17 | Transaction risk monitoring method based on transaction chain assembly |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112465505B (en) |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0411748A2 (en) * | 1989-06-02 | 1991-02-06 | Reuters Limited | System for matching of buyers and sellers with risk minimization |
| CA2565323A1 (en) * | 2006-02-22 | 2007-01-18 | Witness Systems, Inc. | System and method for detecting and displaying business transactions |
| WO2009029571A1 (en) * | 2007-08-24 | 2009-03-05 | Creditex Group, Inc. | Systems and methods for volume clearing in online trading of credit derivatives |
| US7657474B1 (en) * | 2003-03-04 | 2010-02-02 | Mantas, Inc. | Method and system for the detection of trading compliance violations for fixed income securities |
| US20180330377A1 (en) * | 2017-05-11 | 2018-11-15 | Ca, Inc. | Emitter recognition and sequencing for risk analytics |
| US20190026707A1 (en) * | 2016-12-14 | 2019-01-24 | Ping An Technology (Shenzhen) Co., Ltd. | Method of detecting transaction system error, device, storage medium, and computer equipment |
| CN110502426A (en) * | 2019-07-08 | 2019-11-26 | 中国工商银行股份有限公司 | The test method and device of distributed data processing system |
| CN111127024A (en) * | 2019-11-19 | 2020-05-08 | 支付宝(杭州)信息技术有限公司 | Suspicious fund link detection method and device |
| US20200293959A1 (en) * | 2019-03-15 | 2020-09-17 | Everseen Limited | Distributed logbook for anomaly monitoring |
| CN111796957A (en) * | 2020-06-30 | 2020-10-20 | 中国工商银行股份有限公司 | Transaction abnormal root cause analysis method and system based on application log |
-
2020
- 2020-12-17 CN CN202011491203.7A patent/CN112465505B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0411748A2 (en) * | 1989-06-02 | 1991-02-06 | Reuters Limited | System for matching of buyers and sellers with risk minimization |
| US7657474B1 (en) * | 2003-03-04 | 2010-02-02 | Mantas, Inc. | Method and system for the detection of trading compliance violations for fixed income securities |
| CA2565323A1 (en) * | 2006-02-22 | 2007-01-18 | Witness Systems, Inc. | System and method for detecting and displaying business transactions |
| WO2009029571A1 (en) * | 2007-08-24 | 2009-03-05 | Creditex Group, Inc. | Systems and methods for volume clearing in online trading of credit derivatives |
| US20190026707A1 (en) * | 2016-12-14 | 2019-01-24 | Ping An Technology (Shenzhen) Co., Ltd. | Method of detecting transaction system error, device, storage medium, and computer equipment |
| US20180330377A1 (en) * | 2017-05-11 | 2018-11-15 | Ca, Inc. | Emitter recognition and sequencing for risk analytics |
| US20200293959A1 (en) * | 2019-03-15 | 2020-09-17 | Everseen Limited | Distributed logbook for anomaly monitoring |
| CN110502426A (en) * | 2019-07-08 | 2019-11-26 | 中国工商银行股份有限公司 | The test method and device of distributed data processing system |
| CN111127024A (en) * | 2019-11-19 | 2020-05-08 | 支付宝(杭州)信息技术有限公司 | Suspicious fund link detection method and device |
| CN111796957A (en) * | 2020-06-30 | 2020-10-20 | 中国工商银行股份有限公司 | Transaction abnormal root cause analysis method and system based on application log |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112465505B (en) | 2024-03-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20160371138A1 (en) | Anomaly detection service | |
| CN108537544B (en) | Real-time monitoring method and monitoring system for transaction system | |
| US8234145B2 (en) | Automatic computation of validation metrics for global logistics processes | |
| CN106951984B (en) | Dynamic analysis and prediction method and device for system health degree | |
| US10664837B2 (en) | Method and system for real-time, load-driven multidimensional and hierarchical classification of monitored transaction executions for visualization and analysis tasks like statistical anomaly detection | |
| US7464060B2 (en) | Time series pattern extraction apparatus and method | |
| KR100841876B1 (en) | Automatic monitoring and statistical analysis of dynamic process metrics to expose meaningful changes | |
| US20100082708A1 (en) | System and Method for Management of Performance Fault Using Statistical Analysis | |
| KR101808702B1 (en) | Enterprise Diagnostic Method Using Enterprise Diagnosis And Evaluation Integration System | |
| CN106294091A (en) | A kind of without intrusive mood daily record interception method for analyzing performance and system | |
| US7813298B2 (en) | Root cause problem detection in network traffic information | |
| US11378415B2 (en) | Method and system for detecting anomalies in energy consumption | |
| CN108170580A (en) | A kind of rule-based log alarming method, apparatus and system | |
| CN107302469B (en) | Monitoring device and method for data update of distributed service cluster system | |
| US20150271033A1 (en) | Scalable framework for monitoring machine-to-machine (m2m) devices | |
| CN102257520A (en) | Performance analysis of applications | |
| US20080168044A1 (en) | System and method for providing performance statistics for application components | |
| US7210073B1 (en) | Workflows for performance management methodology | |
| EP1177503A4 (en) | System for indexing pedestrian traffic | |
| US7162390B2 (en) | Framework for collecting, storing, and analyzing system metrics | |
| US20090049394A1 (en) | Quantifying and analyzing back office and field service processes | |
| CN112465505A (en) | Transaction risk monitoring method based on transaction chain assembly | |
| CN112733897A (en) | Method and equipment for determining abnormal reason of multi-dimensional sample data | |
| KR100781211B1 (en) | It service management method for bank and system there-of | |
| CN113835947A (en) | Method and system for determining abnormality reason based on abnormality identification result |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |